[THIN] Re: Roaming Profiles, Policies, and Active Directory

• From: "BRUTON, Malcolm, FM" <Malcolm.BRUTON@xxxxxxxx>
• To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
• Date: Tue, 19 Oct 2004 10:35:08 +0100

You've got a bit of work to do...

I assume that your servers are in a Win NT 4 domain

I now assume you have users using both NT 4 and windows 2000 users logging
on.

I also assume you use Windows system policy for your users to apply policy.
The issue with this is that it will only apply to NT 4 users and not your
windows 2000 users.

It sounds like you also use an AD policy for your users as well.  Any AD
users will get this policy.  However because your machines are not in the AD
domain you can't do loop back processing and you will get all policies from
AD for these users.  You will not get the AD machine polices.  However these
users don't get the system policy (NT4 style policies)

To work around this you need to use local 2000 polices.  Problem with this
is you can't set these up for different groups of users like you can for NT
4 system policies.  

What you really need to do is get your servers into AD ASAP.  You will still
need the NT system policies for your users logging onto the NT4 domain.

Lastly the other error regarding temporary profiles.  If you look at your
roaming profiles (assume you use those) and look at the owner you will see
that the NT4 user has ownership.  When the user tries to load this they get
access denied.  Sid history just doesn't seem to work.  What you need to do
is change the Owner of the profile to be the administrator.  Then believe it
or not the machine can load the profile because it has rights.

Hope this helps.  Been doing all this recently myself

Malcolm 


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Jacob Walker
Sent: 18 October 2004 12:49
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Roaming Profiles, Policies, and Active Directory

We are in the midst of a migration from NT domains to an Active Directory 
domain.  At this time, we are only migrating users and computers, and not 
servers.  We are seeing issues in our Citrix/Terminal Server environments 
and wondered if someone could help.

Users are migrating with SID history.  However, when connecting to Citrix 
servers using their roaming profiles, the follow errors are generated:

App: E 'Mon Oct 18 07:33:23 2004': Userenv - " Windows cannot do loopback 
processing when the computer is joined to a downlevel domain or is a member 
of a workgroup.  Loopback processing will be disabled.  "
App: E 'Mon Oct 18 07:33:22 2004': Userenv - " Windows cannot find the local

profile and is logging you on with a temporary profile. Changes you make to 
this profile will be lost when you log off.  "
App: E 'Mon Oct 18 07:33:22 2004': Userenv - " Windows did not load your 
roaming profile and is attempting to log you on with your local profile. 
Changes to the profile will not be copied to the server when you logoff. 
Windows did not load your profile because a server copy of the profile 
folder already exists that does not have the correct security. Either the 
current user or the Administrator's group must be the owner of the folder. 
Contact your network administrator.  "

Also, even though our Citrix servers are Windows 2000, we have been using 
NT-style policies while in the NT domain.  Now, those policies are not 
applying when users migrated to Active Directory logon.  Is there any way to

get them to apply?  We really aren't ready to move the servers to Active 
Directory right now.  And, we imagine it will take many weeks to figure out 
how to configure and use a Group Poicy for the Citrix servers.  In the 
meantime, this is becoming a pretty large issue.

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
hthttp://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? --   Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications, users,
and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id=320
********************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm


***********************************************************************************
The Royal Bank of Scotland plc. Registered in Scotland No 90312.       
Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB.                      
                
Authorised and regulated by the Financial Services Authority     
 
This e-mail message is confidential and for use by the                      
addressee only. If the message is received by anyone other             
than the addressee, please return the message to the sender          
by replying to it and then delete the message from your                    
computer. Internet e-mails are not necessarily secure. The               
Royal Bank of Scotland plc does not accept responsibility for          
changes made to this message after it was sent.                              
                                                                                
                        
Whilst all reasonable care has been taken to avoid the                   
transmission of viruses, it is the responsibility of the recipient to        
ensure that the onward transmission, opening or use of this             
message and any attachments will not adversely affect its               
systems or data.  No responsibility is accepted by The Royal           
Bank of Scotland plc in this regard and the recipient should carry   
out such virus and other checks as it considers appropriate.           
                                                                                
                               Visit our websites at:                           
                                               
http://www.rbs.co.uk/CBFM                                                       
 
http://www.rbsmarkets.com                                                       
  
                                                                                
                       
********************************************************************************

********************************************************
This Weeks Sponsor RTO Software
Do you know which applications are abusing your CPU and memory?
Would you like to learn? --   Free for a limited time!
Get the RTO Performance Analyzer to quickly learn the applications, users,
and time of day possible problems exist.
http://www.rtosoft.com/enter.asp?id=320
********************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

Other related posts:

• » [THIN] Roaming Profiles, Policies, and Active Directory
• » [THIN] Re: Roaming Profiles, Policies, and Active Directory

1. Home
2. thin
3. Archive
4. 10-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---